From ec458b8153f11c59a2cf3e2b817266de0fe4d074 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Tue, 18 Dec 2007 00:00:00 -0500 Subject: [PATCH] postfix-2.5-20071218 --- postfix/HISTORY | 36 +++++++--- .../README_FILES/ADDRESS_VERIFICATION_README | 2 +- postfix/README_FILES/INSTALL | 2 +- postfix/conf/main.cf | 2 +- postfix/html/ADDRESS_VERIFICATION_README.html | 2 +- postfix/html/INSTALL.html | 2 +- postfix/html/postconf.5.html | 2 +- postfix/man/man5/postconf.5 | 2 +- postfix/mantools/spell | 2 +- .../proto/ADDRESS_VERIFICATION_README.html | 2 +- postfix/proto/INSTALL.html | 2 +- postfix/proto/postconf.proto | 2 +- postfix/proto/stop | 45 +++++++++++- postfix/src/global/mail_version.h | 2 +- postfix/src/milter/milter8.c | 72 +------------------ postfix/src/tlsmgr/Makefile.in | 1 + postfix/src/tlsmgr/tlsmgr.c | 29 +++++--- 17 files changed, 103 insertions(+), 104 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index a5f766d97..73eebcbea 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -13781,10 +13781,11 @@ Apologies for any names omitted. 20071030 - Bugfix: Postfix mistakenly enforced the 64kbyte limit (for - sending body parts TO Milter applications) also while - receiving packets FROM Milter applications. The limit is - now at least 1GB. File: milter/milter8.c. + Bugfix (introduced Postfix 2.3): Postfix mistakenly enforced + the 64kbyte limit (for sending body parts TO Milter + applications) also while receiving packets FROM Milter + applications. The limit is now at least 1GB. File: + milter/milter8.c. 20071105 @@ -13876,8 +13877,8 @@ Apologies for any names omitted. features code easier. Files: *qmgr/qmgr_transport.c, *qmgr/qmgr_queue.c, *qmgr/qmgr_entry.c. - Bugfix: don't update the back-to-back delivery time stamp - while deferring mail. File: *qmgr/qmgr_entry.c. + Bugfix (introduced Postfix 2.2): don't update the back-to-back + delivery time stamp while deferring mail. File: *qmgr/qmgr_entry.c. 20071203 @@ -13996,8 +13997,9 @@ Apologies for any names omitted. *qmgr/qmgr_entry.c, smtp/smtp_connect.c, proto/SCHEDULER_README.html. - Bugfix: qmqpd ignored the qmqpd_client_port_logging parameter - setting. File: qmqpd/qmqpd.c. + Bugfix (introduced snapshot 20071006): qmqpd ignored the + qmqpd_client_port_logging parameter setting. File: + qmqpd/qmqpd.c. 20071216 @@ -14009,3 +14011,21 @@ Apologies for any names omitted. The "tls_require_cert" is now compatible with OpenLDAP 2.1 and later. Victor Duchovni. Files: proto/ldap_table, global/dict_ldap.c. + +20071218 + + Cleanup: removed the "#ifdef USE_LIBMILTER_INCLUDES" + dependencies on system-installed Milter protocol include + files. Verified that the object code has not changed. File: + milter/milter8.c. + + Sanity check: idiot filter to detect attempts to use the + same database file for different TLS session caches. File: + tlsmgr/tlsmgr.c. + + Cleanup: updated the spell check stoplist and the spell + check script. Files: mantools/spell, proto/stop. + + Cleanup: replaced documentation references to xxgdb by ddd. + The xxgdb program hasn't been updated in more than 10 years. + Files: proto/postconf.proto, conf/main.cf. diff --git a/postfix/README_FILES/ADDRESS_VERIFICATION_README b/postfix/README_FILES/ADDRESS_VERIFICATION_README index 5a3450857..cdb89fc6c 100644 --- a/postfix/README_FILES/ADDRESS_VERIFICATION_README +++ b/postfix/README_FILES/ADDRESS_VERIFICATION_README @@ -246,7 +246,7 @@ this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non- Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. If you wish to continue using an pre-existing database file, -move it to the data_directory, and change ownership to the account specfied +move it to the data_directory, and change ownership to the account specified with the mail_owner parameter. NOTE 2: Do not put this file in a file system that may run out of space. When diff --git a/postfix/README_FILES/INSTALL b/postfix/README_FILES/INSTALL index 28bd4635b..34cecbc9c 100644 --- a/postfix/README_FILES/INSTALL +++ b/postfix/README_FILES/INSTALL @@ -491,7 +491,7 @@ or, if you feel nostalgic, use the Postfix sendmail command: # sendmail -bd -qwhatever and watch your maillog file for any error messages. The pathname is /var/log/ -maillog, /var/log/mail, /var/log/syslog, or someting else. Typically, the +maillog, /var/log/mail, /var/log/syslog, or something else. Typically, the pathname is defined in the /etc/syslog.conf file. % egrep '(reject|warning|error|fatal|panic):' /some/log/file diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index 41f5fa798..2264a2c75 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf @@ -587,7 +587,7 @@ debug_peer_level = 2 # debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin - xxgdb $daemon_directory/$process_name $process_id & sleep 5 + ddd $daemon_directory/$process_name $process_id & sleep 5 # If you can't use X, use this to capture the call stack when a # daemon crashes. The result is in a file in the configuration diff --git a/postfix/html/ADDRESS_VERIFICATION_README.html b/postfix/html/ADDRESS_VERIFICATION_README.html index fa6083041..09587e5c0 100644 --- a/postfix/html/ADDRESS_VERIFICATION_README.html +++ b/postfix/html/ADDRESS_VERIFICATION_README.html @@ -383,7 +383,7 @@ Postfix-owned data_directory. As a open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. If you wish to continue using an pre-existing database file, move it to the -data_directory, and change ownership to the account specfied with +data_directory, and change ownership to the account specified with the mail_owner parameter.

NOTE 2: Do not put this file in a file system that may run out diff --git a/postfix/html/INSTALL.html b/postfix/html/INSTALL.html index 6d0f6e4f5..0e139ec9c 100644 --- a/postfix/html/INSTALL.html +++ b/postfix/html/INSTALL.html @@ -744,7 +744,7 @@ Postfix system with:

and watch your maillog file for any error messages. The pathname -is /var/log/maillog, /var/log/mail, /var/log/syslog, or someting +is /var/log/maillog, /var/log/mail, /var/log/syslog, or something else. Typically, the pathname is defined in the /etc/syslog.conf file.

diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 91aa69b43..d3d1e2b9b 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -1582,7 +1582,7 @@ Example: 
 debugger_command =
     PATH=/usr/bin:/usr/X11R6/bin
-    xxgdb $daemon_directory/$process_name $process_id & sleep 5
+    ddd $daemon_directory/$process_name $process_id & sleep 5
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 31d55efce..d885c6f50 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -875,7 +875,7 @@ Example: .ft C debugger_command = PATH=/usr/bin:/usr/X11R6/bin - xxgdb $daemon_directory/$process_name $process_id & sleep 5 + ddd $daemon_directory/$process_name $process_id & sleep 5 .fi .ad .ft R diff --git a/postfix/mantools/spell b/postfix/mantools/spell index d21273d7a..291064f1f 100755 --- a/postfix/mantools/spell +++ b/postfix/mantools/spell @@ -3,5 +3,5 @@ for i in $* do echo === $i === - dehtml $i | spell | fgrep -vxf proto/stop + mantools/html2readme $i | col -b | spell | fgrep -vxf proto/stop done diff --git a/postfix/proto/ADDRESS_VERIFICATION_README.html b/postfix/proto/ADDRESS_VERIFICATION_README.html index 46be3f376..861075688 100644 --- a/postfix/proto/ADDRESS_VERIFICATION_README.html +++ b/postfix/proto/ADDRESS_VERIFICATION_README.html @@ -383,7 +383,7 @@ Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. If you wish to continue using an pre-existing database file, move it to the -data_directory, and change ownership to the account specfied with +data_directory, and change ownership to the account specified with the mail_owner parameter.

NOTE 2: Do not put this file in a file system that may run out diff --git a/postfix/proto/INSTALL.html b/postfix/proto/INSTALL.html index 74a8653c8..bcf1077c2 100644 --- a/postfix/proto/INSTALL.html +++ b/postfix/proto/INSTALL.html @@ -744,7 +744,7 @@ Postfix system with:

and watch your maillog file for any error messages. The pathname -is /var/log/maillog, /var/log/mail, /var/log/syslog, or someting +is /var/log/maillog, /var/log/mail, /var/log/syslog, or something else. Typically, the pathname is defined in the /etc/syslog.conf file.

diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index b81932523..8016c28a8 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -6259,7 +6259,7 @@ Example: 
 debugger_command =
     PATH=/usr/bin:/usr/X11R6/bin
-    xxgdb $daemon_directory/$process_name $process_id & sleep 5
+    ddd $daemon_directory/$process_name $process_id & sleep 5
%PARAM 2bounce_notice_recipient postmaster diff --git a/postfix/proto/stop b/postfix/proto/stop index 71b0af5a1..ab197d113 100644 --- a/postfix/proto/stop +++ b/postfix/proto/stop @@ -261,7 +261,6 @@ pwd qwhatever readme setenv -someting syslog syslogd util @@ -350,8 +349,6 @@ postfinger sotruss strace tcpdump -tcpdumpx -xxgdb BUILTIN SPAM website @@ -1088,3 +1085,45 @@ xxxxxxx yulszqocfzsficvzzju yyyyyy zzzzzz +BC +DKIM +DomainKeys +Hmm +Jnicke +QAdGVzdHBhc +RBL's +RBLs +RST +SMTPS +Spamhaus +Ss +Ubuntu +blocklists +botnet +botnets +bx +cb +co +dest +foreach +int +jp +le +mind's +nqmgr's +overinflating +portscan +preemptions +ps +qf +refcount +ru +spamhaus +stddev +sysadmins +timeline +todo +tt +unsubscribe +wl +zen diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index ac343169c..0e5accec6 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20071216" +#define MAIL_RELEASE_DATE "20071218" #define MAIL_VERSION_NUMBER "2.5" #ifdef SNAPSHOT diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c index 2aad9612c..7f7fbb641 100644 --- a/postfix/src/milter/milter8.c +++ b/postfix/src/milter/milter8.c @@ -71,37 +71,6 @@ /* Sendmail 8 Milter protocol. */ -#ifdef USE_LIBMILTER_INCLUDES - - /* - * Use the include files that match the installed libmilter library. This - * requires that the libmilter files are installed before Postfix can be - * built with milter support, and requires that Postfix is rebuilt whenever - * protocol version in these files changes. The other option (below) is to - * use our own protocol definitions. - */ -#include -#include - - /* - * Compatibility for missing definitions or for names that have changed over - * time. - */ -#ifndef SMFIF_CHGBODY -#define SMFIF_CHGBODY SMFIF_MODBODY -#endif -#ifndef SMFIF_CHGHDRS -#define SMFIF_CHGHDRS SMFIF_MODHDRS -#endif -#if defined(SMFIC_UNKNOWN) && !defined(SMFIP_NOUNKNOWN) -#define SMFIP_NOUNKNOWN (1L<<8) /* MTA should not send unknown cmd */ -#endif -#if defined(SMFIC_DATA) && !defined(SMFIP_NODATA) -#define SMFIP_NODATA (1L<<9) /* MTA should not send DATA */ -#endif - -#else - /* * Use our own protocol definitions, so that Postfix can be built even when * libmilter is not installed. This means that we must specify the libmilter @@ -186,8 +155,6 @@ */ #define MILTER_CHUNK_SIZE 65535 /* body chunk size */ -#endif - /* Utility library. */ #include @@ -229,9 +196,7 @@ typedef struct { int version; /* application protocol version */ int rq_mask; /* application requests (SMFIF_*) */ int ev_mask; /* application events (SMFIP_*) */ -#ifndef USE_LIBMILTER_INCLUDES int np_mask; /* events outside my protocol version */ -#endif VSTRING *buf; /* I/O buffer */ VSTRING *body; /* I/O buffer */ VSTREAM *fp; /* stream or null (closed) */ @@ -285,8 +250,6 @@ typedef struct { #define XXX_MAX_DATA (INT_MAX / 2) #define XXX_TIMEOUT 10 -#ifndef USE_LIBMILTER_INCLUDES - /* * If we're not using Sendmail's libmilter include files, then we implement * the protocol up to and including version 4, and configure in main.cf what @@ -331,8 +294,6 @@ static NAME_CODE milter8_versions[] = { 0, -1, }; -#endif - /* * Tables to map the above symbolic constants to printable strings. We use * NAME_CODE for commands and replies, and NAME_MASK for bit mask values. @@ -914,7 +875,6 @@ static const char *milter8_event(MILTER8 *milter, int event, /* * Skip this event if it doesn't exist in the protocol that I announced. */ -#ifndef USE_LIBMILTER_INCLUDES if ((skip_event_flag & milter->np_mask) != 0) { if (msg_verbose) msg_info("skipping non-protocol event %s for milter %s", @@ -922,7 +882,6 @@ static const char *milter8_event(MILTER8 *milter, int event, smfic_name : "(unknown MTA event)", milter->m.name); return (milter->def_reply); } -#endif /* * Send the macros for this event, even when we're not reporting the @@ -1459,32 +1418,12 @@ static void milter8_connect(MILTER8 *milter) #endif ); -#ifdef USE_LIBMILTER_INCLUDES - const UINT32_TYPE my_version = SMFI_VERSION; - const UINT32_TYPE my_events = (SMFIP_NOCONNECT | SMFIP_NOHELO - | SMFIP_NOMAIL | SMFIP_NORCPT - | SMFIP_NOBODY | SMFIP_NOHDRS - | SMFIP_NOEOH -#ifdef SMFIP_NOHREPL - | SMFIP_NOHREPL -#endif -#ifdef SMFIP_NOUNKNOWN - | SMFIP_NOUNKNOWN -#endif -#ifdef SMFIP_NODATA - | SMFIP_NODATA -#endif - ); - -#else UINT32_TYPE my_version = 0; UINT32_TYPE my_events = 0; char *saved_version; char *cp; char *name; -#endif - /* * Sanity check. */ @@ -1492,8 +1431,6 @@ static void milter8_connect(MILTER8 *milter) msg_panic("%s: milter %s: socket is not closed", myname, milter->m.name); -#ifndef USE_LIBMILTER_INCLUDES - /* * For user friendliness reasons the milter_protocol configuration * parameter can specify both the protocol version and protocol @@ -1547,7 +1484,6 @@ static void milter8_connect(MILTER8 *milter) myname, my_version, str_name_mask_opt(milter->buf, "non-protocol event mask", smfip_table, milter->np_mask, NAME_MASK_NUMBER)); -#endif /* * Parse the Milter application endpoint. @@ -2401,9 +2337,7 @@ static int milter8_send(MILTER *m, VSTREAM *stream) ATTR_TYPE_INT, MAIL_ATTR_MILT_VERS, milter->version, ATTR_TYPE_INT, MAIL_ATTR_MILT_ACTS, milter->rq_mask, ATTR_TYPE_INT, MAIL_ATTR_MILT_EVTS, milter->ev_mask, -#ifndef USE_LIBMILTER_INCLUDES ATTR_TYPE_INT, MAIL_ATTR_MILT_NPTS, milter->np_mask, -#endif ATTR_TYPE_INT, MAIL_ATTR_MILT_STAT, milter->state, ATTR_TYPE_INT, MAIL_ATTR_MILT_CONN, milter->conn_timeout, ATTR_TYPE_INT, MAIL_ATTR_MILT_CMD, milter->cmd_timeout, @@ -2462,9 +2396,7 @@ MILTER *milter8_receive(VSTREAM *stream, MILTERS *parent) ATTR_TYPE_INT, MAIL_ATTR_MILT_VERS, &version, ATTR_TYPE_INT, MAIL_ATTR_MILT_ACTS, &rq_mask, ATTR_TYPE_INT, MAIL_ATTR_MILT_EVTS, &ev_mask, -#ifndef USE_LIBMILTER_INCLUDES ATTR_TYPE_INT, MAIL_ATTR_MILT_NPTS, &np_mask, -#endif ATTR_TYPE_INT, MAIL_ATTR_MILT_STAT, &state, ATTR_TYPE_INT, MAIL_ATTR_MILT_CONN, &conn_timeout, ATTR_TYPE_INT, MAIL_ATTR_MILT_CMD, &cmd_timeout, @@ -2489,7 +2421,7 @@ MILTER *milter8_receive(VSTREAM *stream, MILTERS *parent) #endif } else { #define NO_PROTOCOL ((char *) 0) - + if (msg_verbose) msg_info("%s: milter %s", myname, STR(name_buf)); @@ -2502,9 +2434,7 @@ MILTER *milter8_receive(VSTREAM *stream, MILTERS *parent) milter->version = version; milter->rq_mask = rq_mask; milter->ev_mask = ev_mask; -#ifndef USE_LIBMILTER_INCLUDES milter->np_mask = np_mask; -#endif milter->state = state; return (&milter->m); } diff --git a/postfix/src/tlsmgr/Makefile.in b/postfix/src/tlsmgr/Makefile.in index 597f6e650..3d2f27447 100644 --- a/postfix/src/tlsmgr/Makefile.in +++ b/postfix/src/tlsmgr/Makefile.in @@ -64,6 +64,7 @@ tlsmgr.o: ../../include/attr.h tlsmgr.o: ../../include/data_redirect.h tlsmgr.o: ../../include/dict.h tlsmgr.o: ../../include/events.h +tlsmgr.o: ../../include/htable.h tlsmgr.o: ../../include/iostuff.h tlsmgr.o: ../../include/mail_conf.h tlsmgr.o: ../../include/mail_params.h diff --git a/postfix/src/tlsmgr/tlsmgr.c b/postfix/src/tlsmgr/tlsmgr.c index 2fe71b36a..39843e6eb 100644 --- a/postfix/src/tlsmgr/tlsmgr.c +++ b/postfix/src/tlsmgr/tlsmgr.c @@ -196,6 +196,7 @@ #include #include #include +#include /* Global library. */ @@ -275,12 +276,12 @@ static TLS_PRNG_SRC *rand_source_file; * State for TLS session caches. */ typedef struct { - char *cache_label; - TLS_SCACHE *cache_info; - int cache_active; - char **cache_db; - int *cache_loglevel; - int *cache_timeout; + char *cache_label; /* cache short-hand name */ + TLS_SCACHE *cache_info; /* cache handle */ + int cache_active; /* cache status */ + char **cache_db; /* main.cf parameter value */ + int *cache_loglevel; /* main.cf parameter value */ + int *cache_timeout; /* main.cf parameter value */ } TLSMGR_SCACHE; TLSMGR_SCACHE cache_table[] = { @@ -748,6 +749,8 @@ static void tlsmgr_pre_init(char *unused_name, char **unused_argv) struct timeval tv; TLSMGR_SCACHE *ent; VSTRING *redirect; + HTABLE *dup_filter; + const char *dup_label; /* * If nothing else works then at least this will get us a few bits of @@ -833,16 +836,22 @@ static void tlsmgr_pre_init(char *unused_name, char **unused_argv) * Open the session cache files and discard old information before going * to jail, but don't use root privilege. Start the cache maintenance * pseudo threads after dropping privileges. - * - * XXX Need sanity check that the databases have different names. */ - for (ent = cache_table; ent->cache_label; ++ent) - if (**ent->cache_db) + dup_filter = htable_create(sizeof(cache_table) / sizeof(cache_table[0])); + for (ent = cache_table; ent->cache_label; ++ent) { + if (**ent->cache_db) { + if ((dup_label = htable_find(dup_filter, *ent->cache_db)) != 0) + msg_fatal("do not use the same TLS cache file %s for %s and %s", + *ent->cache_db, dup_label, ent->cache_label); + htable_enter(dup_filter, *ent->cache_db, ent->cache_label); ent->cache_info = tls_scache_open(data_redirect_map(redirect, *ent->cache_db), ent->cache_label, *ent->cache_loglevel >= 2, *ent->cache_timeout); + } + } + htable_free(dup_filter, (void (*) (char *)) 0); /* * Clean up and restore privilege.